FBI Used Security Flaw Found by 'Professional Hackers' to Crack San Bernardino Shooter's iPhone

[doelcm82]

Well.....since the first phone, apple have not stopped jailbreaking, and that's the most publicised method , with hackers getting credit. As the previous poster said, if it runs code it can be hacked, as shown by apple never making the device jailbreak proof. If there is enough demand out there, it will happen, the smartest devs do not work for apple

Yeah, the jailbreaks depend on you starting with access to the device. Access is what they don't have. Bypassing the security of a locked iPhone is a lot different than jailbreaking a phone that you already have access to.

As far as I know, no one has yet jailbroken the secure enclave or the secure element. The passcode, encryption key, fingerprint data, credit card data, etc. are stored in memory that you can't access with DFU mode.

I realize the disadvantage of saying the iPhone is secure. All you have to do is find one person who can unlock my iPhone 6 with a strong passcode and the phone set to erase the encryption key after ten unsuccessful attempts. But the advantage I have is that you have at most until September to find this person. After that, I'll have a new iPhone with likely some new security features on top of what I currently have.

 

[allanfries]

Guaranteed the phone was probably pre IOS 9, so more than likely a non issue. But that aside using more than a 4 digit passcode is definitely a good thing. Using over 9 here, (numbers, letters, symbols)

 

[keysofanxiety]

So all iPhones and iPads earlier than the 5s are now insecure.

Your move, Tim.

Boy, you do have a way of somehow spinning everything into an anti-Apple rhetoric; it's getting a little tiresome.

Look at it this way -- all iPhones and iPads including or later than the 5S are secure, as far as we know. And considering you can pick up a Grade A condition iPhone 5S for about £140 from a distributor, which has leaps and bounds in performance over the 5 or earlier, we're already seeing fewer of the earlier devices around.

 

[MH01]

Apparently dead fingers don't work... something about bloodflow or something.

I don't think anyone has tested this on a fresh iPhone-owning corpse.

But yeah... turn off TouchID if you plan to do bad things and think you'll be killed

I did not realise that dead fingers don't work.

Neat need to make a few amends in my global conquest master plan ....

 

[DoctorTech]

So the FBI is admitting they paid "professional hackers" to violate the Digital Millennium Copyright Act which was passed by a unanimous vote of the U.S. Senate and signed into law by President Clinton in 1998?

 

[baryon]

To me it sounds like having an obscure security hole like this is sort of an advantage. On the one hand, it's not official, so almost no one knows about it, so it can't be used on a large scale. As soon as it goes public, it gets patched, so again, no long-term problems. But it does allow information to be accessed if someone reallllly wants it. And it also allowed Apple to not get involved. So Apple doesn't have to break its own security, because that would undermine not just the security of this one iPhone, but also Apple's intentions.

Apple wasn't against gaining access to this iPhone. They even suggested that the iCloud backup would have been accessible if the FBI hadn't changed the iCloud password. A backdoor is not the same as a security flaw. A backdoor is a deliberate flaw with the intent to access information on a wide scale. A security flaw is an unintentional mistake that can be exploited if we're lucky/unlucky. It doesn't make anyone look suspicious. Apple didn't put a security hole in there on purpose, so no one can say they're cooperating with the government. But Apple can't promise to produce 100% secure software, because that's impossible, so it's to be expected that there will be flaws. And the FBI could gain access to information that can help with justice. But they can't use that information against everyone automatically from now on, because security holes get patched all the time and this is a one-of case.

So it's like a safe. It's difficult to open, but it can, given enough time and effort, be opened eventually. And the safe manufacturer never had to build in a weak point that anyone can exploit if they found out about it. It's the right balance: everyone tries as hard as they can. Apple makes their security as good as they can, and hackers work as hard as they can. That prevents backdoors, but it also means that if there is a need to access information, all hope is not lost.

 

[DoctorTech]

I did not realise that dead fingers don't work.

Neat need to make a few amends in my global conquest master plan ....

I used to work for a company that made biometric security products about 9 years ago. I know there are fingerprint sensors which can distinguish between living and non-living tissue but I doubt that the sensor used in an iPhone/iPad has that capability (although it would be great if it did).

 

[drumcat]

So the FBI is admitting they paid "professional hackers" to violate the Digital Millennium Copyright Act which was passed by a unanimous vote of the U.S. Senate and signed into law by President Clinton in 1998?

You can't be so naive as to think the people that write the rules are also bound by them...

 

[Tech198]

Well... this sure "up the stakes" .....Allot of fluff out there

I don't think the FBI has a choice weather they choose to share this info or not.... It's Apple's phone..

You saying from a, company's perspective, u have no right to 'know' why my own phone got cracked ? And if its a a 'flaw' shouldn't Apple know about it anyway ? Two very good reasons to for a "government" who just shelled out money to a legal forensics company, to tell.

I guess the FBI thought, eliminate the middle man "Cellebrite" The plot thickens..

 

[Phil A.]

I used to work for a company that made biometric security products about 9 years ago. I know there are fingerprint sensors which can distinguish between living and non-living tissue but I doubt that the sensor used in an iPhone/iPad has that capability (although it would be great if it did).

It does have that capability - http://www.engadget.com/2013/09/16/why-a-disembodied-finger-cant-be-used-to-unlock-the-touch-id-se/

 

[SvenSvenson]

Exactly what Apple didn't want to happen happened.

I doubt it - I suspect the important thing to Apple wass that no legal precedent was set of them unlocking phones in this situation.

They can now attempt to make the phone even more secure so that the proposed solution of forcing on a new OS will no longer work, plus they will try to plug whatever exploit was used this time.

 

[Iconoclysm]

Them getting into the phone isn't the issue, it's
how it went down. Apple said they didn't want to help because of the risk of the method getting out into the wild. They could have just helped, kept it quiet and we may never have known, instead they practically dared the creation of a method that they now have no control over themselves.

And eventually, when that truth got out, either through an employee leak or government filings...Apple would be complete and total hypocrites for all their talk about security. You'd make a great CEO.

 

[Tech198]

I doubt it - I suspect the important thing to Apple wass that no legal precedent was set of them unlocking phones in this situation.

They can now attempt to make the phone even more secure so that the proposed solution of forcing on a new OS will no longer work, plus they will try to plug whatever exploit was used this time.

And that is something they want from the FBI... Apple did say that. Without the FBI's co-operation, it will take longer to find and patch.

Funny how the tables twist isn't it First, Apple didn't wanna tell...now it will be the FBI's turn not disclose this flaw they used to Apple.

WHy can't the FBI play by the book i.e "go to point B", instead of "take this short cut through hedge"

 

[GreyOS]

Them getting into the phone isn't the issue, it's
how it went down. Apple said they didn't want to help because of the risk of the method getting out into the wild. They could have just helped, kept it quiet and we may never have known, instead they practically dared the creation of a method that they now have no control over themselves.

There have always been flaws and hacks out there which Apple doesn't have control over. The company that sold the hack makes a living off this kind of thing. Apple will continue, as always, trying to prevent this proactively or in reaction to any public information about the hacks. But importantly, they didn't have to build in a backdoor.

 

[gnasher729]

So all iPhones and iPads earlier than the 5s are now insecure.

Your move, Tim.

If you use a four digit passcode.

There is _no way_ to get around the requirement that the correct passcode must be entered. They used some tool that allowed passcodes to be entered _without erasing the phone_ (which is an optional security feature), or at least that seems to be what they claim. They still needed the correct passcode - which is possible with your four digit passcode, but not with an eight digit code.

Your move, Benjamin. Change your passcode.

 

[szw-mapple fan]

Them getting into the phone isn't the issue, it's
how it went down. Apple said they didn't want to help because of the risk of the method getting out into the wild. They could have just helped, kept it quiet and we may never have known, instead they practically dared the creation of a method that they now have no control over themselves.

Apple said they didn't the method getting out into the wild, but the reality of the matter is that they didn't want this version to created because the federal government might demand exclusivity to the method. But if Apple wants to keep selling phones in countries like China or Russia, the governments there will demand the hacked software as well, which would be disastrous for Apple's PR.

 

[gnasher729]

Or they used PhoneView, an app for Mac that allows one to view contacts, messages, photos, call history, etc without typing in the passcode.

From an unencrypted backup on your computer. Which you prevent by turning on "encrypted backups". Plus Apple gave them the phone's backups ages ago, and they f***ed up the phones ability to create more backups.
[doublepost=1460542616][/doublepost]

Them getting into the phone isn't the issue, it's
how it went down. Apple said they didn't want to help because of the risk of the method getting out into the wild. They could have just helped, kept it quiet and we may never have known, instead they practically dared the creation of a method that they now have no control over themselves.

Hard for Apple to keep it quiet if they read in the newspapers that the FBI took them to court.
[doublepost=1460542982][/doublepost]

That method doesn't work on new phones, and people are always trying to crack the iPhone. They didn't need this case to do it. It was pretty clear that Apple believes the NSA might be sitting on a zero day attack themselves that they don't want to share. They didn't "practically dare" them, they told them to hack it themselves, no "practically" involved. I'm not sure why it's difficult to understand that Apple wants nothing to do with writing and signing software that can compromise their own phones.

It is quite possible that the NSA could hack into that iPhone 5c. It is absolutely impossible that the NSA would make that ability public to help the FBI in something that is clearly nothing more than a publicity stunt. The phone was the killer's works phone, and had a four digit passcode. If I had things that I never, ever want the police to see, they wouldn't be on my works phone, and they wouldn't be on a phone with a four digit passcode.

Here's a possibility: FBI gave the phone to the NSA, saying "try if you can hack into it". NSA opens the phone, finds nothing of value, closes it, says to the FBI "sorry, we can't".
[doublepost=1460543333][/doublepost]

Anyway, now that the contents of the phone are accessible, maybe they can show us all the nefarious plans hidden within so we know we're all safer now and they can justify the stupidity of wanting Apple to do their job for them.

Didn't you get the message that there is a dangerous computer virus hidden on the phone that endangers all of America? No way can they publicise anything from the phone without risking your freedom and money.
[doublepost=1460543469][/doublepost]

Wasn't the ability to "hack" the phone just the ability to clone the iOS image so it could run in some type of emulator? You could then run multiple copies of the image and try as many possible PINs as you could until you unlocked one of the clones.

It must have been posted more than hundred times that this doesn't work. Only the original phone can unlock the data of that phone. There are three keys: The passcode, a key that is openly visible on the flash drive, and a key that is built into the CPU and cannot be extracted from it. You need all three, so emulator is out.
[doublepost=1460543685][/doublepost]

So the FBI is admitting they paid "professional hackers" to violate the Digital Millennium Copyright Act which was passed by a unanimous vote of the U.S. Senate and signed into law by President Clinton in 1998?

DMCA is only for circumventing copy protection methods. Since the owner of the phone allowed the FBI to access it, that's fine. If the killer had been the owner, they would have had a search warrant and still be fine.

 

[Taipan]

I hope they paid him enough money to finance his next project, the victims of which might be the FBI themselves or anyone else...

 

[iapplelove]

"Professional hackers" = FBI

"Professional Criminals = FBI"

 

[mw360]

So the FBI is admitting they paid "professional hackers" to violate the Digital Millennium Copyright Act which was passed by a unanimous vote of the U.S. Senate and signed into law by President Clinton in 1998?

I see this DMCA argument is becoming a popular meme around here. When is one of you going to check whether the DMCA exempts law enforcement agents and contractors?

Here's a big clue: It does.

 

[DoctorTech]

It does have that capability - http://www.engadget.com/2013/09/16/why-a-disembodied-finger-cant-be-used-to-unlock-the-touch-id-se/

Cool. I didn't realize it had that capability.
[doublepost=1460545566][/doublepost]

I see this DMCA argument is becoming a popular meme around here. When is one of you going to check whether the DMCA exempts law enforcement agents and contractors?

Here's a big clue: It does.

Here is an even bigger clue - the "professional hackers" approached the FBI with a tool for getting into the phone. Therefore they were not necessarily a law enforcement contractor at the time they did things made illegal by the DMCA. Hence my comment, it is entirely possible the FBI paid someone for performing what would have been a criminal act at the time they did it.

 

[tgara]

I doubt it - I suspect the important thing to Apple wass that no legal precedent was set of them unlocking phones in this situation.

They can now attempt to make the phone even more secure so that the proposed solution of forcing on a new OS will no longer work, plus they will try to plug whatever exploit was used this time.

Well, that plan didn't work out so well because now Congress is looking into legislation that will require manufacturers to have ways to give the government access when needed. If a bill like this passes, it doesn't matter what Apple does, they will have to comply with the law.

https://www.macrumors.com/2016/04/08/senate-draft-encryption-bill-dangerous/

 

[You are the One]

Well, if the FBI can run a server full of pedofile porn I'm sure they can employ both grey and black hackers. But Hitlarys private mail server is off limits, as well as the criminal mega banks.

FBI as well as the other acronym agencies act like nothing more than mafia institutions serving a thoroughly rotten government.

 

[Thunderhawks]

So all iPhones and iPads earlier than the 5s are now insecure.

Your move, Tim.

Already done with the release of subsequent iOS updates.

 

[doctor-don]

Did this gray hat attempt to sell the info (about the security flaw) to Apple?